improvements to login UI, upgrades libraries

makes the login experience a bit friendlier to non-developer users

3 files changed, 33 insertions, 29 deletions

diff --git a/controllers/auth.php b/controllers/auth.php
index e6a2d24..d812956 100644
--- a/controllers/auth.php
+++ b/controllers/auth.php
@@ -31,9 +31,11 @@ $app->get('/auth/start', function() use($app) {
 
   $_SESSION['attempted_me'] = $me;
 
-  $authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
-  $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
-  $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
+  $_SESSION['indieauth'] = [
+    'authorization_endpoint' => ($authorizationEndpoint=IndieAuth\Client::discoverAuthorizationEndpoint($me)),
+    'token_endpoint' => ($tokenEndpoint=IndieAuth\Client::discoverTokenEndpoint($me)),
+    'micropub_endpoint' => ($micropubEndpoint=IndieAuth\Client::discoverMicropubEndpoint($me)),
+  ];
 
   $defaultScope = 'create update media';
 
@@ -74,16 +76,6 @@ $app->get('/auth/start', function() use($app) {
 
   } else {
 
-    if(!$user)
-      $user = ORM::for_table('users')->create();
-    $user->url = $me;
-    $user->date_created = date('Y-m-d H:i:s');
-    $user->micropub_endpoint = $micropubEndpoint;
-    $user->authorization_endpoint = $authorizationEndpoint;
-    $user->token_endpoint = $tokenEndpoint;
-    $user->micropub_access_token = ''; // blank out the access token if they attempt to sign in again
-    $user->save();
-
     if(k($params, 'dontask') && $params['dontask']) {
       // Request whatever scope was previously granted
       $authorizationURL = parse_url($authorizationURL);
@@ -131,7 +123,12 @@ $app->get('/auth/callback', function() use($app) {
 
   // If there is no state in the session, start the login again
   if(!array_key_exists('auth_state', $_SESSION)) {
-    $app->redirect('/?error=missing_session_state');
+    $html = render('auth_error', array(
+      'title' => 'Auth Callback',
+      'error' => 'Missing session state',
+      'errorDescription' => 'Something went wrong, please try signing in again, and make sure cookies are enabled for this domain.'
+    ));
+    $app->response()->body($html);
     return;
   }
 
@@ -182,12 +179,11 @@ $app->get('/auth/callback', function() use($app) {
   // An authorization code is in the query string, and we want to exchange that for an access token at the token endpoint.
 
   // Discover the endpoints
-  $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
-  $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
+  $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'];
+  $tokenEndpoint = $_SESSION['indieauth']['token_endpoint'];
 
   if($tokenEndpoint) {
-    $token = IndieAuth\Client::getAccessToken($tokenEndpoint, $params['code'], $me, buildRedirectURI(), Config::$base_url, k($params,'state'), true);
-
+    $token = IndieAuth\Client::getAccessToken($tokenEndpoint, $params['code'], $me, buildRedirectURI(), Config::$base_url, true);
   } else {
     $token = array('auth'=>false, 'response'=>false);
   }
@@ -197,11 +193,11 @@ $app->get('/auth/callback', function() use($app) {
   // If a valid access token was returned, store the token info in the session and they are signed in
   if(k($token['auth'], array('me','access_token','scope'))) {
     // Double check that the domain of the returned "me" matches the expected
-    if(parse_url($token['auth']['me'], PHP_URL_HOST) != parse_url($me, PHP_URL_HOST)) {
+    if(!\p3k\url\host_matches($token['auth']['me'], $me)) {
       $html = render('auth_error', [
         'title' => 'Error Signing In',
         'error' => 'Invalid user',
-        'errorDescription' => 'The user URL that was returned in the access token did not match the domain of the user signing in.'
+        'errorDescription' => 'The user URL that was returned from the token endpoint (<code>'.$token['auth']['me'].'</code>) did not match the domain of the user signing in (<code>'.$me.'</code>).'
       ]);
       $app->response()->body($html);
       return;
@@ -223,6 +219,8 @@ $app->get('/auth/callback', function() use($app) {
       $user->url = $me;
       $user->date_created = date('Y-m-d H:i:s');
     }
+    $user->authorization_endpoint = $_SESSION['indieauth']['authorization_endpoint'];
+    $user->token_endpoint = $tokenEndpoint;
     $user->micropub_endpoint = $micropubEndpoint;
     $user->micropub_access_token = $token['auth']['access_token'];
     $user->micropub_scope = $token['auth']['scope'];
@@ -237,6 +235,7 @@ $app->get('/auth/callback', function() use($app) {
 
   unset($_SESSION['auth_state']);
   unset($_SESSION['attempted_me']);
+  unset($_SESSION['indieauth']);
 
   if($redirectToDashboardImmediately || k($_SESSION, 'dontask')) {
     unset($_SESSION['dontask']);
@@ -253,6 +252,11 @@ $app->get('/auth/callback', function() use($app) {
       $app->redirect('/new?' . http_build_query($query), 302);
     }
   } else {
+    $tokenResponse = $token['response'];
+    $parsed = @json_decode($tokenResponse);
+    if($parsed)
+      $tokenResponse = json_encode($parsed, JSON_PRETTY_PRINT+JSON_UNESCAPED_SLASHES);
+
     $html = render('auth_callback', array(
       'title' => 'Sign In',
       'me' => $me,
@@ -260,7 +264,7 @@ $app->get('/auth/callback', function() use($app) {
       'meParts' => parse_url($me),
       'tokenEndpoint' => $tokenEndpoint,
       'auth' => $token['auth'],
-      'response' => $token['response'],
+      'response' => $tokenResponse,
       'curl_error' => (array_key_exists('error', $token) ? $token['error'] : false),
       'destination' => (k($_SESSION, 'redirect_after_login') ?: '/new')
     ));
diff --git a/controllers/controllers.php b/controllers/controllers.php
index 237c4bb..cc74674 100644
--- a/controllers/controllers.php
+++ b/controllers/controllers.php
@@ -724,7 +724,7 @@ $app->get('/code', function() use($app) {
       'nginx' => ['conf'],
       'apache' => [],
       'text' => ['txt'],
-    ]; 
+    ];
     ksort($languages);
     $language_map = [];
     foreach($languages as $lang=>$exts) {
@@ -989,18 +989,18 @@ $app->get('/edit', function() use($app) {
         'error' => 'There was a problem!',
         'error_description' => $error
       ]);
-      return;      
+      return;
     }
 
     // Until all interfaces are complete, show an error here for unsupported ones
-    if(!in_array($url, ['/favorite','/repost'])) {
+    if(!in_array($url, ['/favorite','/repost','/code'])) {
       render('edit/error', [
         'title' => 'Not Yet Supported',
         'summary' => '',
         'error' => 'Not Yet Supported',
         'error_description' => 'Editing is not yet supported for this type of post.'
       ]);
-      return;      
+      return;
     }
 
     $app->redirect($url . '?edit=' . $params['url'], 302);
diff --git a/controllers/static.php b/controllers/static.php
index 9822d6b..8c4425d 100644
--- a/controllers/static.php
+++ b/controllers/static.php
@@ -11,7 +11,7 @@ function doc_pages($page=null) {
     'syndication' => 'Syndication',
     'post-status' => 'Post Status',
   ];
-  if($page == null) 
+  if($page == null)
     return $pages;
   else
     return $pages[$page];
@@ -28,7 +28,7 @@ $app->get('/', function($format='html') use($app) {
   render('index', array(
     'title' => 'Quill',
     'meta' => '',
-    'authorizing' => false
+    'authorizing' => false,
   ));
 });
 
@@ -42,7 +42,7 @@ $app->get('/creating-a-micropub-endpoint', function() use($app) {
 
 $app->get('/docs', function() use($app) {
   render('docs/index', array(
-    'title' => 'Documentation', 
+    'title' => 'Documentation',
     'authorizing' => false,
     'pages' => doc_pages()
   ));
@@ -51,7 +51,7 @@ $app->get('/docs', function() use($app) {
 $app->get('/docs/:page', function($page) use($app) {
   if(file_exists('views/docs/'.$page.'.php'))
     render('docs/'.$page, array(
-      'title' => doc_pages($page).' - Quill Documentation', 
+      'title' => doc_pages($page).' - Quill Documentation',
       'authorizing' => false
     ));
   else